Short for Challenge Handshake Authentication Protocol, a type of authentication (specified for PPP in RFC 1994) in which the authentication agent, called the authenticator (typically a network access server), sends the client program, called the peer, a Challenge packet carrying a fresh random value that is used only once and a one-octet Identifier. Authenticator and peer share a predefined secret. The peer concatenates the Identifier, the secret and the random value (the challenge), in that order, and calculates a one-way hash over the result, by default with MD5. The hash value is returned to the authenticator in a Response packet together with the peer's name. The authenticator looks up the secret for that name, builds the same string on its side, calculates the MD5 sum itself and compares the result with the value received from the peer. If the values match, the peer is authenticated and the authenticator answers with a Success packet; otherwise it answers with a Failure packet.
Because only the hash travels over the link, the secret itself is never transmitted. Replay is prevented by the challenge value, which must be unpredictable and must not be reused, so a captured Response is useless against a later Challenge. The Identifier is changed with each Challenge so that a Response can be matched to the Challenge it answers. The authenticator may also send new challenges at any time during a session to re-verify the peer.
Two caveats follow from the design. The authenticator must keep each peer's secret in a form from which the plaintext can be recovered, because it has to recompute the hash itself. And anyone who captures a Challenge/Response pair can test candidate secrets offline at MD5 speed, so a short or guessable secret is recovered quickly; the hash hides the secret only as well as the secret resists guessing, which is why a long random secret is essential.
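As an added example (not part of this glossary entry), the following Python models the exchange with both sides' messages in the RFC 1994 packet layout. The peer name, secret table and word list are constructed for the demonstration. Beyond the entry's own description, it also shows why a replayed Response fails (the authenticator discards each challenge after one use) and what an eavesdropper can do with a captured Challenge/Response pair.

```python
import hashlib
import hmac
import os
import struct

# CHAP packet Codes (RFC 1994).
CHALLENGE, RESPONSE, SUCCESS, FAILURE = 1, 2, 3, 4


def md5_response_value(identifier: int, secret: bytes, challenge: bytes) -> bytes:
    """Response Value for CHAP algorithm 5 (MD5):
    MD5(Identifier || secret || Challenge Value), in that octet order."""
    if not 0 <= identifier <= 255:
        raise ValueError("CHAP Identifier is a single octet")
    return hashlib.md5(bytes([identifier]) + secret + challenge).digest()


def pack(code: int, identifier: int, value: bytes, name: bytes) -> bytes:
    """Challenge/Response packet: Code | Identifier | Length | Value-Size | Value | Name."""
    body = bytes([len(value)]) + value + name
    return struct.pack("!BBH", code, identifier, 4 + len(body)) + body


def unpack(pkt: bytes):
    """Parse a Challenge/Response packet, rejecting inconsistent lengths."""
    code, identifier, length = struct.unpack("!BBH", pkt[:4])
    if length != len(pkt) or length < 5 or 5 + pkt[4] > length:
        raise ValueError("malformed CHAP packet")
    value_size = pkt[4]
    return code, identifier, pkt[5:5 + value_size], pkt[5 + value_size:]


def pack_result(code: int, identifier: int, message: bytes = b"") -> bytes:
    """Success/Failure packet: Code | Identifier | Length | Message."""
    return struct.pack("!BBH", code, identifier, 4 + len(message)) + message


class Authenticator:
    """Authenticator side: issues one-time challenges and checks responses."""

    def __init__(self, secrets: dict):
        # Peer name -> secret. CHAP forces the authenticator to keep secrets in
        # recoverable form, since it must recompute the hash itself.
        self._secrets = secrets
        self._identifier = os.urandom(1)[0]
        self._outstanding = {}  # Identifier -> challenge awaiting a Response

    def challenge(self, my_name: bytes = b"nas") -> bytes:
        self._identifier = (self._identifier + 1) % 256  # must change on every Challenge
        value = os.urandom(16)                            # fresh and unpredictable
        self._outstanding[self._identifier] = value
        return pack(CHALLENGE, self._identifier, value, my_name)

    def check(self, pkt: bytes) -> bytes:
        code, identifier, response, name = unpack(pkt)
        # pop(): a challenge is usable once, so a replayed Response finds nothing.
        value = self._outstanding.pop(identifier, None)
        secret = self._secrets.get(name)
        ok = (code == RESPONSE and value is not None and secret is not None
              and hmac.compare_digest(md5_response_value(identifier, secret, value), response))
        return pack_result(SUCCESS if ok else FAILURE, identifier)


def peer_respond(challenge_pkt: bytes, name: bytes, secret: bytes) -> bytes:
    """Peer side: hash Identifier, secret and challenge; return a Response carrying our name."""
    code, identifier, value, _authenticator_name = unpack(challenge_pkt)
    if code != CHALLENGE:
        raise ValueError("expected a Challenge packet")
    return pack(RESPONSE, identifier, md5_response_value(identifier, secret, value), name)


def run_exchange(secret_on_peer: bytes):
    """Full dialogue, then a replay of the same Response. Returns the two result Codes."""
    authenticator = Authenticator({b"peer1": b"s3cret"})  # constructed secret table
    chal = authenticator.challenge()
    resp = peer_respond(chal, b"peer1", secret_on_peer)
    first = authenticator.check(resp)[0]
    replay = authenticator.check(resp)[0]
    return first, replay


def offline_guess(challenge_pkt: bytes, response_pkt: bytes, wordlist):
    """What an eavesdropper can do with one captured Challenge/Response pair:
    recompute the hash for candidate secrets until one matches."""
    _, identifier, value, _ = unpack(challenge_pkt)
    _, _, response, _ = unpack(response_pkt)
    for guess in wordlist:
        if md5_response_value(identifier, guess, value) == response:
            return guess
    return None


if __name__ == "__main__":
    print(run_exchange(b"s3cret"))  # (3, 4): Success, then Failure on the replay
```

The dictionary-guess function is the reason the secret strength matters: with a captured pair the attacker never touches the authenticator again and is limited only by how fast MD5 runs locally.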
Contrast with PAP, which sends the user name and password across the link in cleartext and checks them only once, at link establishment.